RFR 8149521: automatic discovery of LDAP servers with Kerberos authentication

Vincent Ryan vincent.x.ryan at oracle.com
Tue May 10 13:52:32 UTC 2016


Looks fine to me Max.
Thanks.

> On 10 May 2016, at 14:34, Wang Weijun <weijun.wang at oracle.com> wrote:
> 
> Hi All
> 
> Please take a review at 
> 
>   http://cr.openjdk.java.net/~weijun/8149521/webrev.00/
> 
> While the bug report [1] suggests we can fix com.sun.jndi.ldap.ServiceLocator to emit a trail-dot-less hostname, I am not sure if it's safe to do so. Anyway, the failure is on the Kerberos side and I believe this is a regression since we stop canonicalizing the hostname. Therefore I prefer to do a small "normalization" inside PrincipalName.
> 
> Thanks
> Max
> 
> [1] https://bugs.openjdk.java.net/browse/JDK-8149521




More information about the security-dev mailing list